{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-024.pdf"
    },
    "title": "Vulnerabilities in VMware Products",
    "serial_number": "2024-024",
    "publish_date": "07-03-2024 13:12:18",
    "description": "On March 5, 2024, VMware released fixes for four vulnerabilities affecting several VMware products. The most serious bugs could allow a malicious actor with local admin privileges on a virtual machine to execute code as the virtual machine\u2019s VMX process running on the host. <br>\nIt is recommended to upgrade affected software as soon as possible.<br>\n",
    "url_title": "2024-024",
    "content_markdown": "---\ntitle: 'Vulnerabilities in VMware Products'\nnumber: '2024-024'\nversion: '1.0'\noriginal_date: 'March 5, 2024'\ndate: 'March 6, 2024'\n---\n\n_History:_\n\n* _06/03/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn March 5, 2024, VMware released fixes for four vulnerabilities affecting several VMware products. The most serious bugs could allow a malicious actor with local admin privileges on a virtual machine to execute code as the virtual machine\u2019s VMX process running on the host.\n\nIt is recommended to upgrade affected software as soon as possible.\n\n# Technical Details\n\nThe vulnerabilities **CVE-2024-22252** and **CVE-2024-22253**, both with a CVSS score of 9.3 for Workstation/Fusion and 8.4 for ESXi, are use-after-free vulnerabilities in the XHCI USB controller and the UHCI USB controller respectively. A malicious actor with local administrative privileges on a virtual machine may exploit these issues to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox, whereas on Workstation and Fusion it may lead to code execution on the machine where Workstation or Fusion is installed.\n\nThe vulnerability **CVE-2024-22254**, with a CVSS score of 7.9, is an out-of-bounds write vulnerability in ESXi. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.\n\nThe vulnerability **CVE-2024-22255**, with a CVSS score of 7.1, is an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the VMX process.\n\n# Affected Products\n\nThese vulnerabilities affect VMware ESXi 7.0 and 8.0, VMware Workstation 17.x and VMware Fusion 13.x.\n\n# Recommendations\n\nCERT-EU strongly recommends updating affected software to the latest versions by following the instructions given by the vendor [1]. Where patching must be deferred, note that three of the four flaws lie in the virtual USB controllers (XHCI and UHCI); the vendor advisory [1] describes removing USB controllers from virtual machines as a temporary workaround.\n\n# References\n\n[1] <https://www.vmware.com/security/advisories/VMSA-2024-0006.html>",
    "content_html": "<p><em>History:</em></p><ul><li><em>06/03/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On March 5, 2024, VMware released fixes for four vulnerabilities affecting several VMware products. The most serious bugs could allow a malicious actor with local admin privileges on a virtual machine to execute code as the virtual machine\u2019s VMX process running on the host.</p><p>It is recommended to upgrade affected software as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerabilities <strong>CVE-2024-22252</strong> and <strong>CVE-2024-22253</strong>, both with a CVSS score of 9.3 for Workstation/Fusion and 8.4 for ESXi, are use-after-free vulnerabilities in the XHCI USB controller and the UHCI USB controller respectively. A malicious actor with local administrative privileges on a virtual machine may exploit these issues to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox, whereas on Workstation and Fusion it may lead to code execution on the machine where Workstation or Fusion is installed.</p><p>The vulnerability <strong>CVE-2024-22254</strong>, with a CVSS score of 7.9, is an out-of-bounds write vulnerability in ESXi. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.</p><p>The vulnerability <strong>CVE-2024-22255</strong>, with a CVSS score of 7.1, is an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the VMX process.</p><h2 id=\"affected-products\">Affected Products</h2><p>These vulnerabilities affect VMware ESXi 7.0 and 8.0, VMware Workstation 17.x and VMware Fusion 13.x.</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends updating affected software to the latest versions by following the instructions given by the vendor [1]. Where patching must be deferred, note that three of the four flaws lie in the virtual USB controllers (XHCI and UHCI); the vendor advisory [1] describes removing USB controllers from virtual machines as a temporary workaround.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.vmware.com/security/advisories/VMSA-2024-0006.html\">https://www.vmware.com/security/advisories/VMSA-2024-0006.html</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}